package login;


import java.io.*;
import java.sql.*;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.catalina.Session;

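/**
 * Login servlet: validates the {@code username} / {@code password} request
 * parameters against {@code ictoosd.customerlogin} and writes an HTML fragment
 * containing either a success message or the login form again.
 *
 * <p>Security-relevant behaviour:
 * <ul>
 *   <li>The credential lookup binds the username as a statement parameter, so
 *       request data never becomes part of the SQL text.</li>
 *   <li>Request values echoed into the form are HTML-escaped, and the submitted
 *       password is never written back into the response.</li>
 *   <li>The logged-in marker is stored in the server-side {@code HttpSession}.
 *       The {@code sessionStatus} hidden field is client-controlled and must
 *       not be used for authorization decisions.</li>
 * </ul>
 */
public class login extends HttpServlet
{
    private static final long serialVersionUID = 1L;

    // NOTE(review): connection settings and credentials are hard-coded in source.
    // They should come from container-managed configuration so they are not
    // committed with the code and can be rotated without a rebuild.
    private static final String JDBC_URL = "jdbc:oracle:thin:@localhost:1521:orant11g";
    private static final String DB_USER = "ictoosd";
    private static final String DB_PASSWORD = "ictoosd";

    /** Parameterized lookup; the username is bound, never concatenated. */
    private static final String LOOKUP_SQL =
            "SELECT password FROM ictoosd.customerlogin WHERE username = ?";

    /**
     * @see HttpServlet#HttpServlet()
     */
    public login() {
        super();
    }

    /**
     * Handles GET by running the login check and rendering the result.
     *
     * <p>NOTE(review): accepting credentials over GET places them in URLs, which
     * typically end up in browser history and access logs. The rendered form
     * submits via POST; GET handling is kept for existing callers.
     *
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
    {
        reloadForm(request, response);
    }

    /**
     * Handles POST by running the login check and rendering the result.
     *
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
    {
        reloadForm(request, response);
    }

    /**
     * Checks the submitted credentials against the customer login table.
     *
     * @param request  request carrying the {@code username} and {@code password} parameters
     * @param response unused; kept so the signature stays unchanged
     * @return {@code true} only when a row exists for the username and its stored
     *         password equals the submitted one; {@code false} for missing or empty
     *         parameters, unknown users, mismatches, and any database error
     */
    private boolean lookupUser(HttpServletRequest request, HttpServletResponse response)
    {
        String username = request.getParameter("username");
        String password = request.getParameter("password");

        // getParameter returns null for absent parameters; compare by content, not reference.
        if (username == null || username.isEmpty() || password == null || password.isEmpty())
        {
            return false;
        }

        try
        {
            Class.forName("oracle.jdbc.driver.OracleDriver");
        }
        catch (ClassNotFoundException cnfe)
        {
            log("Oracle JDBC driver not found; login lookup unavailable", cnfe);
            return false;
        }

        // try-with-resources closes the result set, statement and connection on every path.
        try (Connection loginConn = DriverManager.getConnection(JDBC_URL, DB_USER, DB_PASSWORD);
             PreparedStatement stmnt = loginConn.prepareStatement(LOOKUP_SQL))
        {
            stmnt.setString(1, username);
            try (ResultSet resSet = stmnt.executeQuery())
            {
                if (!resSet.next())
                {
                    return false;
                }
                return secretsMatch(resSet.getString(1), password);
            }
        }
        catch (SQLException sqle)
        {
            // Fail closed: a database error never authenticates. The message
            // deliberately omits the submitted username and password.
            log("Login lookup failed", sqle);
            return false;
        }
    }

    /**
     * Compares the stored and submitted passwords by content.
     *
     * <p>NOTE(review): the stored column is compared directly with the submitted
     * value, so it appears to hold plaintext passwords. Confirm against the
     * schema; stored passwords should be salted, adaptive hashes (bcrypt, scrypt
     * or argon2) verified with the matching library routine.
     *
     * @param stored   value read from the database, may be {@code null}
     * @param supplied value submitted by the client, may be {@code null}
     * @return {@code true} when both are non-null and byte-for-byte equal
     */
    private static boolean secretsMatch(String stored, String supplied)
    {
        if (stored == null || supplied == null)
        {
            return false;
        }
        // MessageDigest.isEqual avoids the early exit of String.equals on the first differing byte.
        return java.security.MessageDigest.isEqual(
                stored.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                supplied.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }

    /**
     * Escapes a value for use inside HTML text or a quoted attribute.
     *
     * @param value raw text, may be {@code null}
     * @return the escaped text, or an empty string for {@code null}
     */
    private static String escapeHtml(String value)
    {
        if (value == null)
        {
            return "";
        }
        StringBuilder escaped = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++)
        {
            char c = value.charAt(i);
            switch (c)
            {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /**
     * Runs the login check and writes the matching HTML fragment.
     *
     * <p>On failure the login form is rendered again with the escaped username
     * pre-filled and an empty password field. On success the {@code login}
     * session attribute is set to {@code "true"} and a confirmation is rendered.
     *
     * @param request  current request
     * @param response response whose writer receives the fragment
     * @throws IOException if the response writer cannot be obtained or written
     */
    private void reloadForm(HttpServletRequest request, HttpServletResponse response) throws IOException
    {
        String username = request.getParameter("username");
        String sessionStatus = request.getParameter("sessionStatus");

        boolean authenticated = lookupUser(request, response);

        if (authenticated)
        {
            // Set the marker on the server-side session before any output is written.
            // The original printed a JSP scriptlet as plain text, which a servlet's
            // output never executes, so the attribute was never stored.
            // NOTE(review): rotate the session id at this point to prevent session
            // fixation, e.g. request.changeSessionId() on a Servlet 3.1+ container
            // (confirm the container version before relying on it).
            request.getSession().setAttribute("login", "true");
        }

        PrintWriter out = response.getWriter();

        if (!authenticated)
        {
            //let the user know the login was unsuccessful and redisplay the login form
            out.println("<div id=\"loginarea\">");

            out.println("<h2>Login Failed</h2>");
            out.println("<h3>That Username and Password combination was not found. Please try again.</h3>");

            out.println("<h3>If you already have an account, login below:</h3>");
            // POST keeps the credentials out of the URL.
            out.println("<form name=\"loginform\" method=\"post\" action=\"\">");
            out.println("<p>");
            out.println("<label>Login Name</label>");
            out.print("<input name=\"username\" id=\"username\" type=\"text\" size=\"30\" value=\"");
            out.print(escapeHtml(username));
            out.println("\"/>");
            out.println("<label>Password</label>");
            // The submitted password is intentionally not echoed back into the page.
            out.println("<input name=\"password\" id=\"password\" type=\"password\" size=\"30\" value=\"\"/>");
            out.print("<input name=\"sessionStatus\" id=\"sessionStatus\" type=\"hidden\" value=\"");
            out.print(escapeHtml(sessionStatus));
            out.println("\"/>");
            out.println("<br/><br/>");
            out.println("<input class=\"button\" type=\"submit\" value=\"Login\"  onclick=\"validateLogin(loginform)\"/>");
            out.println("</p>");
            out.println("</form>");
            out.println("<br />");
            out.println("<div id=\"registerarea\">");
            out.println("<form action=\"#\">");
            out.println("<h3>No account? <a href=\"register.jsp\">Register With Us</a></h3>");
            out.println("</form>");
            out.println("</div>");
            out.println("</div>");
        }
        else
        {
            //display new message saying login was successful
            out.println("<div id=\"loginarea\">");
            out.println("<h2>Login Successful</h2>");
            out.println("<h3>Enjoy your time at our site.</h3>");

            // 'fake' form that passes the logged-in status back to the page.
            // This value is client-controlled on later requests; server-side code
            // should trust only the session attribute set above.
            out.println("<form name=\"loginform\" method=\"get\" action=\"\">");
            out.print("<input name=\"sessionStatus\" id=\"sessionStatus\" type=\"hidden\" value=\"loggedin\"/>");
            out.println("</form>");

            out.println("</div>");
        }
    }

}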
